Keep cryptocurrency secure
If you're thinking about investing in cryptocurrency, or already have, this guide will help you how to avoid crypto investment scams as well as keeping your digital wallet safe from theft.
What it is
Cryptocurrency is digital currency. There's no centralised bank or government involved, instead,
Cryptocurrency is a form of digital currency that doesn’t require a bank or financial institution to verify transactions. A way of publicly storing data which makes it almost impossible for the data to be changed or forged. One of the most commonly used cryptocurrencies.
Cryptocurrency trading largely operates online and is usually unregulated, as such it can be very difficult to differentiate between legitimate cryptocurrency trading platforms and scam ones.
Wallets
Your digital wallet is software that stores both your private and public
a code that tells a computer how to scramble or unscramble data, can be public or private (secret)
Your private key is essentially a password. It's a long string of letters and numbers that is created the first time you access your wallet. It is very important to keep this key safe and never share it, as it is used to transfer funds out of your wallet.
Non-fungible tokens (NFTs)
NFTs are certificates of ownership for unique digital items, for example art or music, using the same blockchain technology as cryptocurrency.
a unique digital certificate attached to a product (such as an image) to show ownership
How to protect yourself from cryptocurrency investment scams
The main risks with cryptocurrency are scams and theft, and both can result in large financial loss.
Because cryptocurrency is seen by some as a lucrative investment, many investment scams use cryptocurrency as a lure. An investment scam is where you transfer funds thinking you are investing your money into a fund or scheme, but the investment is fake, and your funds are stolen.
-
Social media is not the place for financial advice
Fake cryptocurrency offers may come from advertising on social media, sometimes using the image of a famous person to promote it. Occasionally, the scammers will take control of someone else's account or copy the account and pretend to be that person.
-
Be wary of 'out of the blue' offers
Scammers will start relationships through social media sites, or even online dating sites, to introduce potential victims to a particular cryptocurrency or trading platform. This includes 'exclusive' offers to buy into the launch of a new currency or 'coin'. Turning your social media settings to private will make it harder for scammers to find you on those sites.
-
Do your due diligence
If you are considering investing or trading in cryptocurrency, do your due diligence to ensure the legitimacy of the trading platform. Scammers can create very realistic looking websites and portfolios. Always check if the company is registered to provide financial services in the country they operate in, and whether any financial regulators have issued warnings about the company.
Warnings and alerts | Financial Markets Authority (fma.govt.nz)(external link)
-
Scams can happen when you buy and sell
Just like a dodgy trader on marketplace, scammers will try to rip you off when buying and selling cryptocurrency. Only use well-known trading platforms and be wary of anyone offering too good a deal.
How to protect your cryptocurrency from being stolen
In these cases, the criminals try to trick you into giving them your login details or your wallet's private key. Once they have that, they empty your account. Due to a lack of regulation and the nature of cryptocurrency, it can be almost impossible to get your funds back if they are taken.
-
Never share your private key
Your wallet's private key is how you access and transfer funds out of your wallet. Sharing it with anyone will give them access to all of your cryptocurrency and anything else you have saved there (such as NFTs). Two-factor authentication (2FA) adds an extra security check on top of your password, making it harder for someone to access your wallet or exchange account. This can be a code from an app or something only you have, such as your fingerprint.
-
Never forget your private key
If you forget your private key, you won’t be able to retrieve it anywhere. If you can’t log in to your wallet, you can’t access any of the funds in it. Using a password manager is an easy way to store your passwords and private keys so you don’t forget or lose your important information. They can also generate incredibly secure, randomised passwords.
-
Be wary of phishing emails
The criminals are trying to get your log in details and one way of doing this is to send you a
email which appears to be from the cryptocurrency service you use. The email will tell you to click a link and enter your details. The link will go to a fake version of the website and is set up to harvestwhen a scammer pretends to be someone else, like a bank or NZ Post, usually via email, trying to get your personal information or even money.
.Your personal details, specifically your login details for online accounts.
-
Look out for fake apps
Criminals can create fake cryptocurrency trading apps and then advertise them on social media or directly message you about them. The app asks you to log into your wallet, it looks like it fails to work, but it has actually sent your credentials to the criminals.
-
Keep your wallet in a safe place
Your cryptocurrency wallet needs to be kept securely, either on your own device or with an exchange. If you prefer to use an exchange’s wallet services, look for a reputable one. Using an exchange is like using other online services. If it suffers a cyber attack, access to your wallet could be temporarily unavailable or completely locked out. If it goes out of business, you’ll lose your cryptocurrency.
-
Maintain a back-up
Wallets which are used to store cryptocurrency must be backed up to offline storage to protect you from losing your wallet if anything goes wrong. For example, if you're targeted by ransomware, your device breaks or your wallet is accidentally deleted. Test your backup so you know you can restore it if you need to.
-
Set up encryption
Encrypting your devices will reduce the risk that even if an attacker gets physical access to them could extract your wallet while the device is powered off or locked. The steps to setting up
depends on the device and operating system.A way of scrambling data to make it unreadable unless you have a 'key' to unscramble it.
View long description
There are potential threats with the cryptocurrency trading process.
1. Advertisements and promotions: Protect from investment scams by being wary of any investments that offer high returns or seem too good to be true and do due diligence around any cryptocurrency-related investments.
2. Buying cryptocurrency: There is a risk of being scammed when buying. Like buying from an unknown website, cryptocurrency comes with the same risks that you may not get what you’ve paid for, it could be different to what’s advertised, be stolen or fraudulent.
3. Unauthorised access of your digital wallet: Protect your digital wallet by making sure you are the only one with your private key, and don’t share I with anyone. Secondly, turn on two-factor authentication to keep malicious actors out.
4. Selling cryptocurrency: There is a risk of being scammed when selling cryptocurrency.
Get help
You can report an online issue or security incident to us at CERT NZ.